Re: client certificates

From: Shaun Wilde (shaun_wilde_at_nospam.nospam)
Date: 04/08/05


Date: Fri, 8 Apr 2005 20:40:58 +0100

Ah - I see - I did wonder if it had to be something like that

Since, however, I'd like to handle all browsers, I'd have to
consider a Java applet rather than just an IE solution.

Do you know of any examples of these in ActiveX and/or Java?

thanks

Shaun Wilde

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:ezF$wX7OFHA.3292@TK2MSFTNGP12.phx.gbl...
> If you want to sign a document, you will need code running on their
> workstation such as an ActiveX control or downloaded .NET control. The
> private key exists only on the user's workstation, not on the server.
>
> If your code accesses the private key, the user should be prompted for their
> password on the key (assuming the key is password protected). I'm not sure
> if this prompting is cached or not, so you would have to test that. Note
> that since this code will be independent of the web page, your code will
> trigger the request for the key password even if they already entered the
> password to view the page with their client certificate.
>
> Joe K.
>
> "Shaun Wilde" <shaun_wilde@nospam.nospam> wrote in message
> news:O4UuHb6OFHA.244@TK2MSFTNGP12.phx.gbl...
> > #1) I'll give it a try
> >
> > #2) I wish to sign a document - to do so I need to send the data to the
> > user's browser - and the client will sign it using their client certificate
> > (if the client certificate is protected by a password then the user should
> > have to enter the password). Why? It is so if the user leaves their
> > terminal unattended then a malicious user cannot sign it on their behalf as
> > they would not know the password. Security!!
> >
> > I just don't know how to do this.
> >
> >
> > "[MSFT]" <lukezhan@online.microsoft.com> wrote in message
> > news:WJBUjjxOFHA.2944@TK2MSFTNGXA01.phx.gbl...
> >> Hello,
> >>
> >> #1) I think IE will display the cached content when you return and it
> >> doesn't send a request to the server side. You may disable client cache with:
> >>
> >> <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
> >>
> >> and
> >>
> >> Response.Expires = -1
> >>
> >> #2) Can you explain more on this issue? I am not clear why you need the
> >> user to input the password and why this page cannot be authenticated.
> >>
> >> Thanks,
> >>
> >> Luke
> >>
> >
> >
>
>